Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercriminals Select Insiders To Attack Telecom Providers (helpnetsecurity.com)

Posted by EditorDavid on from the job-security dept.

An anonymous reader quotes a report from Help Net Security: Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources...

According to Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify the employees who can enable network mapping and man-in-the-middle attacks.

11 of 24 comments (clear)

  1. Not surprising by Anonymous Coward · · Score: 1

    This is not surprising given the industry's constant attack on employee satisfaction. Offshoring, outsourcing, cutting hours and benefits, crappy working conditions. Inside-out security begins with not screwing people over. The companies have shit in their own bed.

  2. Our employees ... by PPH · · Score: 1

    ... are fully gruntled for your protection.

    --
    Have gnu, will travel.
  3. Social engineering - the next new tech frontier? by jenningsthecat · · Score: 1

    Yes, I know that what we now call 'social engineering' has been around for as long as humans existed, and probably longer. But when I say "new tech frontier", I mean the marriage of the scientific method, technological processes, and technologically-gathered data, with more scientifically-rigorous studies and experiments in sociology, psychology, neurology, and biology.

    Criminals are now systematically, and probably even experimentally, exploiting employees' psychological and social traits in combination with various technical vulnerabilities. The companies being attacked will feel they have no choice but to respond with their own research and experiments in the area of vetting, monitoring, influencing, and outright brainwashing their employees, (not to mention both prescribing and proscribing certain actions and behaviours), on a 24/7 basis. There will be a lot of science applied to this kind of problem; we're seeing some of it already with things like the Predictive Policing program in Chicago.

    George Orwell's work has often been mentioned here on Slashdot, and 1984 was in many ways an eerily prescient work. But if current trends such as those I've outlined above play out as I imagine, we may end up with a less metaphorical, more literal version of Orwell's dystopia.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  4. OutSourcing IT by oldgraybeard · · Score: 1

    This is interesting when you consider the companies out sourcing their IT. So that they don't even know who has the keys to their infrastructure ;)
    I can see the CEO and exec's disclaimers now, "Hey it wasn't our fault, We had nothing to do with it!" while pointing fingers ;)

  5. It's silly to think that... by BringsApples · · Score: 1

    ...there are people out there that are just 'hackers', without ever having worked quite extensively in the same environments that they hack up. To think that there are 'hackers' with tons of know-how, but no real-world experience seems naive. Of course, I'm not saying that there aren't people that 'hack at' systems, surely they do, all fucking day long. But they generally get luck here and there, and the rest of the time they are kept at bay (often by their own short-tempered childishness).

    This is the same reason why 'Edward Snowden' is known today, and not some malicious 'hacker'.

    --
    Politics; n. : A religion whereby man is god.
    1. Re:It's silly to think that... by Archtech · · Score: 2

      Throughout the later 1990s I gave talks about software security and predicted exactly this. The vast majority of "hackers" (i.e. attackers) in those days were just doing it for fun, to prove themselves, to impress their friends, or whatever. I always ended my talks by warning the audience that this "Garden of Eden" period wouldn't last. Given the large numbers of serious, dedicated criminals out there - not to mention terrorists and national aggressors - it would only be a matter of time before the techniques that had already been demonstrated without the infliction of much harm would be adopted by REAL attackers. And then the suffering would commence, on an industrial scale. Like industrial civilization itself, the Internet is just one enormous fragile target.

      The amazing thing is that it's taken so long.

      --
      I am sure that there are many other solipsists out there.
  6. Re:why is this linked to a blogspam summary by Hylandr · · Score: 1

    +1

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
  7. Thanks to H1Bs by nehumanuscrede · · Score: 2

    It won't even cost that much to bribe an insider.

    A native worker is expensive, but an offshore type who is brought in to replace the expensive folks. . . . not so much.

    Start offering the folks who make $20 / day $50,000 and watch how fast your networks fall.

  8. Total rot by Hognoxious · · Score: 1

    Piffle. Sounds like the something from a Frederick Forsythe/John Le Carré cold-war novel.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  9. Too much work by ubungy · · Score: 1

    I just call after hours and explain that my blt drive just went awol. Not sure what this means but they're usually tripping over themselves to help me with whatever information I need.

  10. Insert free advert for Kaspersky Lab by khz6955 · · Score: 1

    Nothing to read here, moving on ...